Foreign Actor’s Hack of Court System Risks Law Enforcement Data

Aug. 13, 2025, 8:51 PM UTC

A foreign adversary’s breach of the federal judiciary’s case management system risks exposing sensitive law enforcement probes, in the latest cyberattack targeting the US government’s investigative tactics.

Law enforcement sources and methods, as well as details about the targets and cooperators of criminal investigations, are among the types of information that could be compromised, according to legal experts.

Bloomberg Law reported Tuesday that a foreign adversary gained access to sealed records in the US courts’ docket system in at least three federal circuits. The intrusion exposed cases involving espionage and other sensitive areas, including money laundering and agents of foreign governments. Russia was at least in part behind the cyberattack, the New York Times reported.

The perpetrators may be interested in any sealed information that helps outline the “road map” of an investigation, such as through wiretap and search warrant requests, said Adam Hickey, a former Justice Department computer crime investigator.

“You’re going to be concerned as a prosecutor that something you file that lays out your investigation of a cartel or a terrorist group or other criminal organization will have fallen into the hands of the people you’re pursuing, or people who have an interest in interfering with your investigation,” Hickey, now a partner at Mayer Brown, said.

Access to evidence on how the US is pursuing cyber intrusion cases could also prove to be a “great benefit” to hackers, potentially giving them strategic information on how to change their methods, said Gregory Gonzalez, a former DOJ national security attorney.

The breach is part of a recent wave of significant cyberattacks in the US, and it appears to show the targeting of sensitive investigative data is becoming a bigger challenge for the US, said Carrie Cordero, a senior fellow and general counsel at the Center for a New American Security.

“It raises the question of whether there is a bigger problem of adversary nation-states targeting investigative information so that they can learn how the US government is conducting investigations of those nation states’ intelligence activities,” she said.

‘More Vulnerable’

US courts haven’t disclosed how many sealed cases were exposed by the breach, and it’s unclear what implications it could have for espionage and counterintelligence matters potentially targeted.

More than a dozen federal courts across seven circuits have updated their procedures for attorneys filing highly sensitive cases since June, with some ordering that all sealed records be submitted as hard copies.

Gonzalez, now a partner at Wilkinson Barker Knauer LLP, said classified information and files tied to targets under the Foreign Intelligence Surveillance Act generally receive extra layers of protection and likely wouldn’t be affected by a breach of district courts’ digital dockets.

Prosecutors generally know that courts’ cybersecurity is less secure than classified networks, he said.

“If you’re putting it on systems and unclassified networks, even if it’s sensitive in the judicial context, you have to have in the back of your mind that this is more vulnerable,” he said.

Still, the breach demonstrates a vulnerability for the courts, as well as the persistent challenge the US faces in shielding critical law enforcement efforts. In 2022, Rep. Jerry Nadler (D-N.Y.) revealed that three unnamed foreign actors had breached the courts’ document management system in 2020, which he said had a “disturbing impact” on civil and criminal litigation and national security.

Later in 2022, the US unsealed charges against two Chinese intelligence officers for allegedly trying to obstruct a Justice Department criminal investigation of Huawei Technologies Co.

The judiciary in an Aug. 7 statement described the latest breach as “escalated cyberattacks of a sophisticated and persistent nature.”

“We know that US adversaries look to gain access to sensitive information in US government systems, and any instance when sensitive information is compromised is incredibly concerning,” said Matthew Olsen, a WilmerHale partner who led DOJ’s national security division during President Joe Biden’s administration. “National security and law enforcement concerns are elevated when the perpetrator is an adversary.”

— With assistance from Suzanne Monyak.

To contact the reporter on this story: Justin Wise at jwise@bloombergindustry.com

To contact the editors responsible for this story: Ellen M. Gilmer at egilmer@bloombergindustry.com; Seth Stern at sstern@bloomberglaw.com
